{
	"id": "fe368720-f56e-44a3-9b08-128690d4ca14",
	"created_at": "2026-04-06T00:10:02.029137Z",
	"updated_at": "2026-04-10T13:11:43.410241Z",
	"deleted_at": null,
	"sha1_hash": "f52aef01ad1861d37c421371dc889af75dc3e4aa",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46691,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:04:33 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool QCRat\n Tool: QCRat\nNames QCRat\nCategory Malware\nType Backdoor\nDescription No description available yet.\nInformation\nLast change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool QCRat\nChanged Name Country Observed\nAPT groups\n Goblin Panda, Cycldek, Conimes 2013-Jun 2020\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ef603ead-cd7b-43d4-8451-39ed8731f204\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ef603ead-cd7b-43d4-8451-39ed8731f204\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ef603ead-cd7b-43d4-8451-39ed8731f204"
	],
	"report_names": [
		"listgroups.cgi?u=ef603ead-cd7b-43d4-8451-39ed8731f204"
	],
	"threat_actors": [
		{
			"id": "7d553b83-a7b2-431f-9bc9-08da59f3c4ea",
			"created_at": "2023-01-06T13:46:39.444946Z",
			"updated_at": "2026-04-10T02:00:03.331753Z",
			"deleted_at": null,
			"main_name": "GOBLIN PANDA",
			"aliases": [
				"Conimes",
				"Cycldek"
			],
			"source_name": "MISPGALAXY:GOBLIN PANDA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2c7ecb0e-337c-478f-95d4-7dbe9ba44c39",
			"created_at": "2022-10-25T16:07:23.690871Z",
			"updated_at": "2026-04-10T02:00:04.709966Z",
			"deleted_at": null,
			"main_name": "Goblin Panda",
			"aliases": [
				"1937CN",
				"Conimes",
				"Cycldek",
				"Goblin Panda"
			],
			"source_name": "ETDA:Goblin Panda",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"Agent.dhwf",
				"BackDoor-FBZT!52D84425CDF2",
				"BlueCore",
				"BrowsingHistoryView",
				"ChromePass",
				"CoreLoader",
				"Custom HDoor",
				"Destroy RAT",
				"DestroyRAT",
				"DropPhone",
				"FoundCore",
				"HDoor",
				"HTTPTunnel",
				"JsonCookies",
				"Kaba",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"NBTscan",
				"NewCore RAT",
				"PlugX",
				"ProcDump",
				"PsExec",
				"QCRat",
				"RainyDay",
				"RedCore",
				"RedDelta",
				"RoyalRoad",
				"Sisfader",
				"Sisfader RAT",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trojan.Win32.Staser.ytq",
				"USBCulprit",
				"Win32/Zegost.BW",
				"Xamtrav",
				"ZeGhost",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434202,
	"ts_updated_at": 1775826703,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f52aef01ad1861d37c421371dc889af75dc3e4aa.pdf",
		"text": "https://archive.orkl.eu/f52aef01ad1861d37c421371dc889af75dc3e4aa.txt",
		"img": "https://archive.orkl.eu/f52aef01ad1861d37c421371dc889af75dc3e4aa.jpg"
	}
}